My first post to this site and hopefully I am in the right place. I picked up a friend's computer thinking I was the hot shot problem solver, and what do my wondering eyes do appear, a nasty little virus not one from my ear. I have found more than 3 different viruses that I cannot clean. I have done many searches on the TROJ_DLOADER and cannot find anything about it.

TROJ_DLOADER.SYZ
TROJ_DLOADER.SXR
PE_TRATS.A
TROJ_VB.JAA
PE_TRATS.A-O

I have used the following to try and get rid of these buggers. In Safe Mode, not in safe mode etc...
I do have HijackThis and can post a log file if need be. This is no fun. But I am not a quitter.

In order to properly identify this malware and assist you better, we need some specific information.

What program is alerting you to the infection?
Did your scan provide a specific file name associated with these malware threats and if so, where are they located (full file path) on your system? If your scan saved a log file, it should show exactly what and where the malware has been found so post that instead.

Thanks qman,
Right now I am in the process of running the super antispyware, after running the ATF program. So far I am up to 11 threats and 7 are of the Vundo variety. The others are Trojan.downloader-gen. So far this is working better than anything else I have tried. When I have finished I will post the results.

Files not scanned:
C:\pagefile.sys
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
C:\WINDOWS\$NtUninstallKB828741$\es.dll
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
C:\WINDOZE\SoftwareDistribution\EventCache\AD674747-B713-477E-BFA8-4BD66114FFF0.bin

Some files could not be scanned. These files may be encrypted or in use by either Windows or another application.

The scanner cannot scan files that are locked by Windows, but most of these files are at a very low risk of infection. These include files with a .log extension (or no extension at all), virtual memory files (*.swp in Windows 95/98 or pagefile.sys in Windows NT/2000) and System Registry files (user.dat, system.dat, ntuser.dat).

If you would like to scan these files, close all open applications, decrypt any encrypted files, and try again. If you still cannot access the files, use the Virus Rescue Disk to scan them.

In some cases you may need to use the Virus Rescue Disk set. The disk set, including instructions, can be downloaded from http://www.v-com.com/virusinfo/rescue.html. Please use a machine that is not infected with a virus to create the disk set. Please note the Virus Rescue Disk set is only compatible with FAT file systems. Windows NT and operating systems that are installed on NTFS file system are incompatible.

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Since you have so many infected files, let's check your system a little more.

Please download SDFix by AndyManchesta and save it to your desktop.
alternate download

When using this tool, you must use the Administrator's account or an account with "Administrative rights".

Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).

DO NOT use it just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts, the Fixtool will run again and complete the removal process, then display "Finished". Press any key to end the script and load your desktop icons.

Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.

Copy and paste the contents of Report.txt in your next reply.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

Here is the log from SD Fix. I am still getting a Systemsuite scanner alert saying that I am still infected with the Troj_DLoader.SXR. I feel that it is running a little faster but it still is not right. Thanks again for all of your help. You just can't get in a hurry with these Beasts.

Did your scan provide a specific file name associated with this malware threat and if so, where is it located (full file path) on your system? If your scan saved a log file, it should show exactly what and where the malware has been found so post that instead.

I had a similar problem. Tried: scan with Trend Internet Security 2008, scan with Trend Housecall, scan with Panda PAVCL, scan with Ad-aware 7, then on to the help forums.

What finally fixed it was running Smitfraud, Superantispyware (www.superantispyware.com), Spywareterminator (www.spywareterminator.com). Also had to go to Windows directory and delete default.htm--which is the wallpaper that drives you nuts--telling you that you are at risk.

Had to do the above on a laptop.

Had another client with an identical problem on a desktop--much easier to fix. Just took his hard drive, put it as a second drive in my shop machine and ran a virus and spyware scan from the C drive. Cleared it right up. Worked so well because the system was not running files on that particular drive. This was not an option on the laptop.

Art

I have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.